About the security content of Xcode Tools 2.3

This document describes the security content of Xcode Tools 2.3, which can be downloaded and installed from the Apple Developer Connection.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

Xcode Tools 2.3

Impact: If you install WebObjects developer tools, remote attackers may be able to obtain or modify WebObjects projects while Xcode is running

Description: The WebObjects Xcode plug-in provides the ability to manipulate projects through a network service. This service is accessible to remote systems while Xcode is running. This update addresses the issue by limiting this service to the local system. This issue does not affect default installations of Xcode Tools. Only systems with the WebObjects plug-in installed are affected. Credit to Mike Schrag of mDimension Technology for reporting this issue.